3efe3581fa62f4e9f1f5cc7aacbad263_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3efe3581fa62f4e9f1f5cc7aacbad263_JaffaCakes118
Size

2.1MB
MD5

3efe3581fa62f4e9f1f5cc7aacbad263
SHA1

c22e95f21d25f9a90c2fd6ab59bf6574f4ff1dc9
SHA256

404acbf3f48d97ce863109b43e396718040b290dd1420b063b68d06271f5c526
SHA512

01551d453b2d0142aa4631e907389952b836cd1fd97bdf4ab9024a9ad2b76281b24626173ba030e35c4e60f01b8722504fba2a6355a64cebf49f6cd7796f0893
SSDEEP

49152:mPju8Cv3YygDjRxe87J8BKbY7iQ0+it6ewUZEEBl:a68vyAx7J2beQ4t4UZEA

Score

1^/10

Malware Config

Signatures

Files

3efe3581fa62f4e9f1f5cc7aacbad263_JaffaCakes118
.exe windows:4 windows x86 arch:x86

78edf21f658dec92426ece2d04e0ddfc

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:73:d3:31:3c:f6:51:55:90:7c:a5:70:0f:46:0d:eb
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30/05/2006, 00:00

Not After

29/05/2008, 23:59

Subject

CN=Foxit Software Company,OU=SECURE APPLICATION DEVELOPMENT,O=Foxit Software Company,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

53:26:88:54:28:f0:5b:b6:64:bd:9a:50:b9:91:4e:fc:a2:a0:59:6f
Signer

Actual PE Digest

53:26:88:54:28:f0:5b:b6:64:bd:9a:50:b9:91:4e:fc:a2:a0:59:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
Sleep
DeleteFileA
GetModuleFileNameA
CloseHandle
WriteFile
CreateDirectoryA
CreateFileA
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetTempPathA
GetLastError
MultiByteToWideChar
FindFirstFileA
LockResource
FindClose
RaiseException
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
ReadFile
GetProcAddress
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
SetEndOfFile

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78edf21f658dec92426ece2d04e0ddfc

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

07:73:d3:31:3c:f6:51:55:90:7c:a5:70:0f:46:0d:ebCertificate

Extended Key Usages

53:26:88:54:28:f0:5b:b6:64:bd:9a:50:b9:91:4e:fc:a2:a0:59:6fSigner

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

01
Certificate

0a
Certificate

07:73:d3:31:3c:f6:51:55:90:7c:a5:70:0f:46:0d:eb
Certificate

53:26:88:54:28:f0:5b:b6:64:bd:9a:50:b9:91:4e:fc:a2:a0:59:6f
Signer

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB